- Nginx 是开源、高性能、高可靠的 Web 和反向代理服务器,而且支持热部署,几乎可以做到 7 * 24小时不间断运行,即使运行几个月也不需要重新启动,还能在不间断服务的情况下对软件版本进行热更新。
- 性能是 Nginx 最重要的考量,其占用内存少、并发能力强、能支持高达 5w 个并发连接数,最重要的是,Nginx是免费的并可以商业化,配置使用也比较简单。
- 下面提供nginx的安装,nginx搭建反向代理,nginx负载均衡,nginx高可用的详细步骤配置
使用yum安装nginx的特点是简单,方便,安装的是最新版本
[root@server-3 ~]# vim /etc/yum.repos.d/nginx.repo [nginx-stable] name=nginx stable repo baseurl=https://nginx.org/packages/centos/7/x86_64/ gpgcheck=1 enabled=1 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true [nginx-mainline] name=nginx mainline repo baseurl=https://nginx.org/packages/mainline/centos/7/x86_64/ gpgcheck=1 enabled=0 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true
3.安装nginx
使用yum安装nginx,并启动,查看版本
[root@server-3 ~]# yum install -y nginx [root@server-3 ~]# nginx [root@server-3 ~]# nginx -v nginx version: nginx/1.20.1
2.2 源码安装nginx 1.特点:
使用源码安装的特点是可自选安装所需的nginx版本
2.配置centos的yum源:因为源码安装需要一些依赖包,故先配置yum源,配置阿里云的yum源,前提是确保虚拟机能够访问互联网
[root@server-3 ~]# curl -o /etc/yum.repos.d/centos7.repo http://mirrors.aliyun.com/repo/Centos-7.repo3.安装依赖包:
[root@server-3 ~]# yum install -y gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel4.下载nginx源码包:
nginx官网下载地址: https://nginx.org/download/
任意版本的nginx都有。
使用wget工具下载:
[root@server-3 ~]# yum install -y wget [root@server-3 ~]# wget https://nginx.org/download/nginx-1.17.8.tar.gz --2021-10-02 15:32:32-- https://nginx.org/download/nginx-1.17.8.tar.gz Resolving nginx.org (nginx.org)... 3.125.197.172, 52.58.199.22, 2a05:d014:edb:5704::6, ... Connecting to nginx.org (nginx.org)|3.125.197.172|:443... connected. ERROR: cannot verify nginx.org's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=R3’: Issued certificate has expired. To connect to nginx.org insecurely, use `--no-check-certificate'. [root@server-3 ~]# wget https://nginx.org/download/nginx-1.17.8.tar.gz --no-check-certificate --2021-10-02 15:32:44-- https://nginx.org/download/nginx-1.17.8.tar.gz Resolving nginx.org (nginx.org)... 52.58.199.22, 3.125.197.172, 2a05:d014:edb:5704::6, ... Connecting to nginx.org (nginx.org)|52.58.199.22|:443... connected. WARNING: cannot verify nginx.org's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=R3’: Issued certificate has expired. HTTP request sent, awaiting response... 200 OK Length: 1038627 (1014K) [application/octet-stream] Saving to: ‘nginx-1.17.8.tar.gz’ 100%[========================================================================================================>] 1,038,627 153KB/s in 6.6s 2021-10-02 15:32:53 (153 KB/s) - ‘nginx-1.17.8.tar.gz’ saved [1038627/1038627]5.解压安装:
[root@server-3 ~]# tar -xzf nginx-1.17.8.tar.gz -C /usr/local/ [root@server-3 ~]# mkdir -p /var/temp/nginx [root@server-3 ~]# cd /usr/local/nginx-1.17.8/ [root@server-3 nginx-1.17.8]# ls auto CHANGES CHANGES.ru conf configure contrib html LICENSE man README src [root@server-3 nginx-1.17.8]# ./configure --prefix=/usr/local/nginx --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/lock/nginx.lock --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --with-http_gzip_static_module --http-client-body-temp-path=/var/temp/nginx/client --http-proxy-temp-path=/var/temp/nginx/proxy --http-fastcgi-temp-path=/var/temp/nginx/fastcgi --http-uwsgi-temp-path=/var/temp/nginx/uwsgi --with-http_stub_status_module --with-http_ssl_module --http-scgi-temp-path=/var/temp/nginx/scgi 上段命令直接复制代码: ./configure --prefix=/usr/local/nginx --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/lock/nginx.lock --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --with-http_gzip_static_module --http-client-body-temp-path=/var/temp/nginx/client --http-proxy-temp-path=/var/temp/nginx/proxy --http-fastcgi-temp-path=/var/temp/nginx/fastcgi --http-uwsgi-temp-path=/var/temp/nginx/uwsgi --with-http_stub_status_module --with-http_ssl_module --http-scgi-temp-path=/var/temp/nginx/scgi 进行编译安装: [root@server-3 nginx-1.17.8]# make [root@server-3 nginx-1.17.8]# make install6.启动nginx
[root@server-3 nginx-1.17.8]# cd /usr/local/nginx [root@server-3 nginx]# ls conf html sbin [root@server-3 nginx]# sbin/nginx [root@server-3 nginx]# ps -ef |grep nginx root 10562 1 0 15:40 ? 00:00:00 nginx: master process sbin/nginx nobody 10563 10562 0 15:40 ? 00:00:00 nginx: worker process root 10566 7566 0 15:40 pts/1 00:00:00 grep --color=auto nginx
浏览器访问:虚拟机ip:80 查看是否出现nginx首页
前提是关闭虚拟机防火墙以及selinux
3.nginx配置反向代理(例1):
反向代理1:
所需实现的效果:
浏览器访问 www.123.com 将会跳转到 tomcat 的首页
1.准备工作:
安装 tomcat:
[root@server-3 ~]# wget https://dlcdn.apache.org/tomcat/tomcat-9/v9.0.53/bin/apache-tomcat-9.0.53.tar.gz [root@server-3 ~]# tar -xzvf apache-tomcat-9.0.53.tar.gz -C /usr/local/
因为启动tomcat需要基于java环境,此处启动tomcat之前先配置java环境
java包的下载地址:https://www.oracle.com/java/technologies/javase/javase-jdk8-downloads.html
[root@server-3 ~]# tar -xzvf jdk-8u181-linux-x64.tar.gz -C /usr/local/ [root@server-3 ~]# vim /etc/profile export JAVA_HOME=/usr/local/jdk1.8.0_291 export PATH=$PATH:$JAVA_HOME/bin [root@server-3 ~]# source /etc/profile [root@server-3 ~]# java -version openjdk version "1.8.0_302" OpenJDK Runtime Environment (build 1.8.0_302-b08) OpenJDK 64-Bit Server VM (build 25.302-b08, mixed mode) [root@server-3 ~]# jps 10840 Jps
启动tomcat
[root@server-3 ~]# cd /usr/local/apache-tomcat-9.0.53/ [root@server-3 apache-tomcat-9.0.53]# bin/startup.sh start Using CATALINA_base: /usr/local/apache-tomcat-9.0.53 Using CATALINA_HOME: /usr/local/apache-tomcat-9.0.53 Using CATALINA_TMPDIR: /usr/local/apache-tomcat-9.0.53/temp Using JRE_HOME: /usr/local/jdk1.8.0_291 Using CLASSPATH: /usr/local/apache-tomcat-9.0.53/bin/bootstrap.jar:/usr/local/apache-tomcat-9.0.53/bin/tomcat-juli.jar Using CATALINA_OPTS: Tomcat started. [root@server-3 apache-tomcat-9.0.53]# jps 10947 Jps 10874 Bootstrap
验证:
修改nginx配置文件
[root@server-3 ~]# cd /usr/local/nginx/conf/
在sever模块下配置
[root@server-3 conf]# vim nginx.conf
server {
listen 80;
server_name 192.168.66.191; #将此处的localhost改成本机ip,浏览器访问域名时需解析到此ip
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
proxy_pass http://127.0.0.1:8080; #因为tomcat服务也搭建在此虚拟机中,tomcat是8080端口,此配置是反向代理是否成功的关键
root html;
index index.html index.htm;
}
重启nginx,使其配置生效:
[root@server-3 conf]# cd ../sbin
[root@server-3 sbin]# ./nginx -s reload
3.win中的hosts解析
在windows中添加hosts解析:
添加一行
虚拟机ip www.123.com
例如:192.168.66.191 www.123.com
4.测试:
浏览器访问:www.123.com
查看是否会跳转到 tomcat 首页
由此 一个简单的 nginx 反向代理配置 success!!
4.nginx配置反向代理(例2):
使用nginx反向代理,根据访问的路径跳转到不同的端口服务中, nginx监听端口为9001
此处所需要实现的效果为:
访问 http://192.168.11.131:9001/edu/ 直接跳转到127.0.0.1:8080
访问 http://192.168.11.131:9001/stu/ 直接跳转到127.0.0.1:8081
使用nginx即可简单方便的实现这一效果,来达到,访问同一ip或同一域名时,后接其他参数时访问不同的页面。
1.准备工作:准备两台tomcat ,tomcat1 和 tomcat2
因上述实验已有一个 tomcat 是 8080端口,再安装一个tomcat2 设置为 8081 端口;
先关闭上一实验启动的tomcat [root@server-3 ~]# ps -ef |grep apache root 7221 1 1 15:35 pts/0 00:00:03 /usr/local/jdk1.8.0_291/bin/java -Djava.util.logging.config.file=/usr/local/tomcat1/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.SecurityListener.UMASK=0027 -Dignore.endorsed.dirs= -classpath /usr/local/tomcat1/bin/bootstrap.jar:/usr/local/tomcat1/bin/tomcat-juli.jar -Dcatalina.base=/usr/local/tomcat1 -Dcatalina.home=/usr/local/tomcat1 -Djava.io.tmpdir=/usr/local/tomcat1/temp org.apache.catalina.startup.Bootstrap start root 10869 1218 0 15:39 pts/0 00:00:00 grep --color=auto apache [root@server-3 ~]# kill -9 7221 启动第二个tomcat [root@server-3 ~]# cd /usr/local/ [root@server-3 local]# mkdir /usr/local/tomcat1 /usr/local/tomcat2 [root@server-3 local]# mv apache-tomcat-9.0.53/ tomcat1/ [root@server-3 local]# tar -xvzf /root/apache-tomcat-9.0.53.tar.gz -C /usr/local/tomcat2 修改tomcat2的端口: [root@server-3 local]# cd tomcat2/apache-tomcat-9.0.53/ [root@server-3 tomcat2]# vim conf/server.xml
2. 验证两个tomcat是否启动启动tomcat1 和 tomcat2
[root@server-3 ~]# cd /usr/local/tomcat1/ [root@server-3 tomcat1]# bin/startup.sh start Using CATALINA_base: /usr/local/tomcat1 Using CATALINA_HOME: /usr/local/tomcat1 Using CATALINA_TMPDIR: /usr/local/tomcat1/temp Using JRE_HOME: /usr/local/jdk1.8.0_291 Using CLASSPATH: /usr/local/tomcat1/bin/bootstrap.jar:/usr/local/tomcat1/bin/tomcat-juli.jar Using CATALINA_OPTS: Tomcat started. [root@server-3 tomcat1]# cd ../tomcat2/apache-tomcat-9.0.53/ [root@server-3 tomcat2]# bin/startup.sh start Using CATALINA_base: /usr/local/tomcat2 Using CATALINA_HOME: /usr/local/tomcat2 Using CATALINA_TMPDIR: /usr/local/tomcat2/temp Using JRE_HOME: /usr/local/jdk1.8.0_291 Using CLASSPATH: /usr/local/tomcat2/bin/bootstrap.jar:/usr/local/tomcat2/bin/tomcat-juli.jar Using CATALINA_OPTS: Tomcat started.
浏览器访问测试 : 192.168.66.191:8080
浏览器访问测试 : 192.168.66.191:8081
两个tomcat启动成功后,可进入tomcat中创建目录和编写文件
index.html文件中编写端口号,便于识别[root@server-3 ~]# cd /usr/local/tomcat1/webapps/ [root@server-3 webapps]# mkdir edu [root@server-3 webapps]# echo "8080" > edu/index.html [root@server-3 webapps]# cd /usr/local/tomcat2/apache-tomcat-9.0.53/webapps/ [root@server-3 webapps]# mkdir stu [root@server-3 webapps]# echo "8081" > stu/index.html
3.配置nginx配置文件nginx反向代理的配置如下:
[root@server-3 ~]# cd /usr/local/nginx/conf/ [root@server-3 conf]# vim nginx.conf 添加一个server模块: server { listen 9001; server_name 192.168.66.191; location ~/edu/ { proxy_pass http://127.0.0.1:8080; } location ~/stu/ { proxy_pass http://127.0.0.1:8081; } }
启动nginx
[root@server-3 conf]# cd ../sbin/ [root@server-3 sbin]# ls nginx [root@server-3 sbin]# ./nginx
4.访问测试:浏览器访问:192.168.66.191:9001/edu/
浏览器访问:192.168.66.191:9001/stu/即实现了一个域名/ip 一个端口访问不同的页面!
5.nginx 配置负载均衡 5.1负载均衡介绍+实现效果:使用nignx配置负载均衡是nginx服务中很常用的一个场景,原先请求都集中到单个服务器上的情况改为分发到多个服务器上。随着服务器的数量增加,nginx会将各种请求分发到各个服务器中,这种情况就是我们所说的负载均衡。
如上图所描述的,浏览器从客户端访问服务器,通过nginx可以将客户端的请求平均分发到其他服务器,使这些服务器所接收的请求平均一些。nginx负载均衡实现的效果如下:
浏览器访问:192.168.66.191/edu/index.html 时,
他的请求将会平均分发到 tomcat1(8080)和 tomcat2 (8081)
也就是,每刷新一次,网页,都会在8080和8081之间转换。
5.2 准备工作:在 tomcat1 和 tomcat2 中都创建 edu 目录,里面写8080和8081 便于识别
因上个反向代理实验中,tomcat1 已有此目录和文件,故仅需在 tomcat2 中创建先停掉上一实验的tomcat和nginx [root@server-3 ~]# ps -ef |grep nginx root 11938 1 0 15:59 ? 00:00:00 nginx: master process ./nginx nobody 11939 11938 0 15:59 ? 00:00:00 nginx: worker process root 13041 1218 0 16:22 pts/0 00:00:00 grep --color=auto nginx [root@server-3 ~]# kill -9 11938 [root@server-3 ~]# kill -9 11939 [root@server-3 ~]# [root@server-3 ~]# ps -ef |grep apache root 11191 1 0 15:45 pts/0 00:00:06 /usr/local/jdk1.8.0_291/bin/java -Djava.util.logging.config.file=/usr/local/tomcat1/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.SecurityListener.UMASK=0027 -Dignore.endorsed.dirs= -classpath /usr/local/tomcat1/bin/bootstrap.jar:/usr/local/tomcat1/bin/tomcat-juli.jar -Dcatalina.base=/usr/local/tomcat1 -Dcatalina.home=/usr/local/tomcat1 -Djava.io.tmpdir=/usr/local/tomcat1/temp org.apache.catalina.startup.Bootstrap start start root 11224 1 0 15:45 pts/0 00:00:06 /usr/local/jdk1.8.0_291/bin/java -Djava.util.logging.config.file=/usr/local/tomcat2/apache-tomcat-9.0.53/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.SecurityListener.UMASK=0027 -Dignore.endorsed.dirs= -classpath /usr/local/tomcat2/apache-tomcat-9.0.53/bin/bootstrap.jar:/usr/local/tomcat2/apache-tomcat-9.0.53/bin/tomcat-juli.jar -Dcatalina.base=/usr/local/tomcat2/apache-tomcat-9.0.53 -Dcatalina.home=/usr/local/tomcat2/apache-tomcat-9.0.53 -Djava.io.tmpdir=/usr/local/tomcat2/apache-tomcat-9.0.53/temp org.apache.catalina.startup.Bootstrap start start root 13058 1218 0 16:22 pts/0 00:00:00 grep --color=auto apache [root@server-3 ~]# kill -9 11191 [root@server-3 ~]# kill -9 11224 tomcat2创建edu目录和文件 [root@server-3 ~]# cd /usr/local/tomcat2/apache-tomcat-9.0.53/webapps/ [root@server-3 webapps]# mkdir edu [root@server-3 webapps]# echo "8081" >edu/index.html
下面配置nginx中的负载均衡
[root@server-3 ~]# cd /usr/local/nginx/conf/ [root@server-3 conf]# vim nginx.conf http模块下新增这一配置 upstream mytomcat { server 192.168.66.191:8080 weight=1; server 192.168.66.191:8081 weight=1; } server { listen 80; server_name 192.168.66.191; #charset koi8-r; #access_log logs/host.access.log main; location / { proxy_pass http://mytomcat; root html; index index.html index.htm; }新增mytomcat,以及新增location里的配置
5.3 启动nginx 和tomcat1 tomcat2
[root@server-3 conf]# cd ../sbin/ [root@server-3 sbin]# ./nginx [root@server-3 sbin]# cd /usr/local/tomcat1/bin/ [root@server-3 bin]# ./startup.sh Using CATALINA_base: /usr/local/tomcat1 Using CATALINA_HOME: /usr/local/tomcat1 Using CATALINA_TMPDIR: /usr/local/tomcat1/temp Using JRE_HOME: /usr/local/jdk1.8.0_291 Using CLASSPATH: /usr/local/tomcat1/bin/bootstrap.jar:/usr/local/tomcat1/bin/tomcat-juli.jar Using CATALINA_OPTS: Tomcat started. [root@server-3 bin]# [root@server-3 bin]# cd /usr/local/tomcat2/apache-tomcat-9.0.53/bin/ [root@server-3 bin]# ./startup.sh Using CATALINA_base: /usr/local/tomcat2/apache-tomcat-9.0.53 Using CATALINA_HOME: /usr/local/tomcat2/apache-tomcat-9.0.53 Using CATALINA_TMPDIR: /usr/local/tomcat2/apache-tomcat-9.0.53/temp Using JRE_HOME: /usr/local/jdk1.8.0_291 Using CLASSPATH: /usr/local/tomcat2/apache-tomcat-9.0.53/bin/bootstrap.jar:/usr/local/tomcat2/apache-tomcat-9.0.53/bin/tomcat-juli.jar Using CATALINA_OPTS: Tomcat started. [root@server-3 bin]#
5.4验证测试:浏览器访问: 192.168.66.191:80/edu/index.html
然后刷新
将浏览器对tomcat的请求,平均分发到了8080 和8081 这两个服务上,
即是实现了nginx的负载均衡!
6. nginx 配置高可用 6.1 高可用:日常管理中,服务器出现宕机,可有其余多台服务器进行使用。若nginx出现宕机,那些请求将无法分发到服务器中,也就会导致其无法正常使用,因此,为了防止nginx出现宕机的情况,故对其配置nginx高可用。
6.2 配置nginx高可用
配置nginx高可用需要两台nginx,安装nginx的步骤参考上述的 2.2 章节,采用源码安装,此处不再详写nginx安装。
两台nginx安装好以后,
其ip为:
192.168.66.191
192.168.66.192
将191作为主节点称为master,192作为备节点backup配置nginx高可用还需要安装keepalived
关闭上一实验所启动的服务 使用 ps -ef |grep apache/nginx 过滤查看进程,并使用 kill -9 关掉所有服务。 详细操作参考5.2 两个节点安装keepalived [root@server-3 ~]# yum install -y keepalived [root@server-4 ~]# yum install -y keepalived
修改 keepalived 配置文件:[root@server-3 ~]# vim /etc/keepalived/keepalived.conf global_defs { notification_email { acassen@firewall.loc failover@firewal1.loc sysadmin@firewall.loc } notification_email_from Alexandre.Cassen@firewall.loc smtp server 192.168.66.191 #本机ip smtp connect_timeout 30 router_id LvS_DEVEL } vrrp_script chk_http_port { script "/usr/local/src/check.sh" interval 2 #(检测脚本执行的间隔) weight 2 } vrrp_instance VI_1 { state MASTER #备份服务器上将MASTER改为BACKUP interface ens32 //网卡 virtual_router_id 51 #主、备机的virtual router id必须相同priority 90#主、备机取不同的优先级,主机值较大,备份机值较小 advert_int 100 authentication { auth_type PASS auth pass 1111 } virtual_ipaddress { 192.168.66.50 // VRRP H虚拟地址 } } 将此配置文件从主节点191(master)复制到从节点192(backup)节点 [root@server-3 ~]# scp /etc/keepalived/keepalived.conf 192.168.66.192:/etc/keepalived/keepalived.conf 在backup节点修改配置文件: [root@server-4 ~]# vim /etc/keepalived/keepalived.conf smtp server 192.168.66.192 #本机ip state BACKUP #备份服务器上将MASTER改为BACKUP advert_int 90
两台服务器编写检测脚本:[root@server-3 ~]# vim /usr/local/src/check.sh #!bin/bash A=`ps -C nginx -no-header |wc -l` if [ $A -eq 0 ]; then /usr/local/nginx/sbin/nginx sleep 2 if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then killall keepalived fi fi 使用scp从主节点cp到备节点 [root@server-3 ~]# scp /usr/local/src/check.sh 192.168.66.192:/usr/local/src/
6.3 启动服务:启动两台服务器的nginx 和 keepalived
[root@server-3 ~]# cd /usr/local/nginx/sbin/ [root@server-3 sbin]# ./nginx [root@server-3 sbin]# systemctl start keepalived [root@server-4 ~]# systemctl start keepalived [root@server-4 ~]# cd /usr/local/nginx/sbin/ [root@server-4 sbin]# ./nginx6.4 访问测试:浏览器访问 虚拟ip 地址,看清楚,是虚拟ip地址,在 keepalived 的配置文件中末尾处,
有一个地方是配置了虚拟ip地址的,
浏览器访问在配置文件中写的虚拟IP
我写的是: 192.168.66.50
故在浏览器访问 192.168.66.50
